From 5bf0f512c8ebd811f28f2f94dd91ca2aafc09687 Mon Sep 17 00:00:00 2001
From: nmenag
Date: Thu, 14 Dec 2023 16:10:20 -0500
Subject: [PATCH] add enrollment check plug

---
 apps/core/lib/core/schema/course.ex | 2 ++
 .../controllers/topics/topics_controller.ex | 2 ++
 apps/web/lib/web/plug/check_request.ex | 26 +++++++++++++++----
 3 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/apps/core/lib/core/schema/course.ex b/apps/core/lib/core/schema/course.ex
index 4a68295..142cee8 100644
--- a/apps/core/lib/core/schema/course.ex
+++ b/apps/core/lib/core/schema/course.ex
@@ -26,6 +26,8 @@ defmodule GoEscuelaLms.Core.Schema.Course do
 
 def find(uuid) do
 Repo.get(Course, uuid)
+ |> Repo.preload(:topics)
+ |> Repo.preload(:enrollments)
 end
 
 def create(attrs \\ %{}) do
diff --git a/apps/web/lib/web/controllers/topics/topics_controller.ex b/apps/web/lib/web/controllers/topics/topics_controller.ex
index cda88b5..54cc392 100644
--- a/apps/web/lib/web/controllers/topics/topics_controller.ex
+++ b/apps/web/lib/web/controllers/topics/topics_controller.ex
@@ -10,6 +10,8 @@ defmodule Web.Topics.TopicsController do
 
 plug :is_permit_authorized when action in [:create]
 plug :load_course when action in [:create]
+ plug :load_course when action in [:create]
+ plug :check_enrollment when action in [:create]
 
 @create_params %{
 name: [type: :string, required: true]
diff --git a/apps/web/lib/web/plug/check_request.ex b/apps/web/lib/web/plug/check_request.ex
index 3e0374b..7125a72 100644
--- a/apps/web/lib/web/plug/check_request.ex
+++ b/apps/web/lib/web/plug/check_request.ex
@@ -8,8 +8,6 @@ defmodule Web.Plug.CheckRequest do
 def load_course(conn, _) do
 course_id = conn.params["courses_id"]
 
- IO.puts "COURSE_ID ==> #{course_id}"
-
 with :ok <- valid_uuids(course_id),
 course <- Course.find(course_id),
 false <- is_nil(course) do
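Review bot: In `apps/core/lib/core/schema/course.ex`, `find/1` now loads every topic and every enrollment of the course for all of its callers, although only the new enrollment check needs enrollments, and it needs just one row. The authorization path would be cheaper, and would not grow with course size, if the plug asked the database whether an enrollment for that user and course exists and `find/1` stayed without the `:enrollments` preload. If the preloads stay, one call does both: `|> Repo.preload([:topics, :enrollments])`. Whether any caller serializes the returned struct is not visible here; if one does, check that the preloaded enrollments do not end up in a response.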
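Review bot: In `apps/web/lib/web/controllers/topics/topics_controller.ex` the added `plug :load_course when action in [:create]` duplicates the context line directly above it, so `load_course` runs twice per create request and the course, with both preloads, is fetched twice. Drop the added duplicate and keep only `plug :check_enrollment when action in [:create]`, which has to stay after `:load_course` because it reads `conn.assigns.course`. The check is registered for `:create` only; the controller's other actions are outside this hunk, so confirm that none of them needs the same enrollment guard.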
@@ -21,11 +19,29 @@ defmodule Web.Plug.CheckRequest do
 end
 
 defp valid_uuids(id) do
- with {:ok, _} <- Ecto.UUID.dump(id) do
+ case Ecto.UUID.dump(id) do
+ {:ok, _} ->
 :ok
- else
+ _ ->
+ {:error, "invalid params"}
+ end
+ end
+
+ def check_enrollment(%{assigns: %{account: %{role: :organizer}}} = conn, _), do: conn
+
+ def check_enrollment(conn, _) do
+ user_id = conn.assigns.account.uuid
+ course = conn.assigns.course
+
+ case is_nil(
+ course.enrollments
+ |> Enum.find(fn enrollment -> enrollment.user_id == user_id end)
+ ) do
+ false ->
+ conn
+
 _ ->
- {:error, "invalid params"}
+ Web.FallbackController.call(conn, {:error, :forbidden}) |> halt()
 end
 end
 end
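Review bot: The organizer clause of `check_enrollment/2` passes any account with `role: :organizer` for every course, with no check that the organizer belongs to `conn.assigns.course`; if organizers are scoped per course this is an authorization gap, which this hunk alone cannot confirm. The second clause reads `conn.assigns.account.uuid` and `conn.assigns.course` directly, so a request that arrives without either assign raises instead of returning the forbidden response. Matching both assigns in the function head, adding a catch-all clause that forbids, and testing membership with `Enum.any?/2` rather than `case is_nil(Enum.find(...))` keeps the denial path explicit, as sketched below.

```elixir
def check_enrollment(%{assigns: %{account: %{role: :organizer}}} = conn, _), do: conn

def check_enrollment(%{assigns: %{account: %{uuid: user_id}, course: course}} = conn, _) do
  if Enum.any?(course.enrollments, &(&1.user_id == user_id)) do
    conn
  else
    forbid(conn)
  end
end

# Missing account or course assign: deny instead of raising.
def check_enrollment(conn, _), do: forbid(conn)

defp forbid(conn) do
  conn |> Web.FallbackController.call({:error, :forbidden}) |> halt()
end
```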